On Thu, Jan 30, 2014 at 02:05:11PM +0300, Dan Carpenter wrote:
> Hello Andy Grover,
>
> The patch bc118fe4c4a8: "target: Further refactoring of
> core_scsi3_emulate_pro_register()" from May 16, 2013, leads to the
> following static checker warning:
>
> drivers/target/target_core_pr.c:2177 core_scsi3_emulate_pro_register()
> warn: 'pr_reg' was already freed.
>
> drivers/target/target_core_pr.c
> 2161 * Release the calling I_T Nexus registration now..
> 2162 */
> 2163 __core_scsi3_free_registration(cmd->se_dev, pr_reg, NULL, 1);
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Frees "pr_reg".
>
> 2164
> 2165 /*
> 2166 * From spc4r17, section 5.7.11.3 Unregistering
> 2167 *
> 2168 * If the persistent reservation is a registrants only
> 2169 * type, the device server shall establish a unit
> 2170 * attention condition for the initiator port associated
> 2171 * with every registered I_T nexus except for the I_T
> 2172 * nexus on which the PERSISTENT RESERVE OUT command was
> 2173 * received, with the additional sense code set to
> 2174 * RESERVATIONS RELEASED.
> 2175 */
> 2176 if (pr_holder &&
> 2177 (pr_reg->pr_res_type == PR_TYPE_WRITE_EXCLUSIVE_REGONLY ||
> ^^^^^^^^^^^^^^^^^^^
> 2178 pr_reg->pr_res_type == PR_TYPE_EXCLUSIVE_ACCESS_REGONLY)) {
> ^^^^^^^^^^^^^^^^^^^
> Dereferences.
>
> 2179 list_for_each_entry(pr_reg_p,
> 2180 &pr_tmpl->registration_list,
> 2181 pr_reg_list) {
>
Oh, huh. There is another use after a couple lines later.
2190
2191 spin_unlock(&pr_tmpl->registration_lock);
2192 }
2193
2194 ret = core_scsi3_update_and_write_aptpl(dev, aptpl);
2195
2196 out:
2197 core_scsi3_put_pr_reg(pr_reg);
^^^^^^
Here.
2198 return ret;
2199 }
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
